Vulnerabilities > Mozilla > Firefox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-24 | CVE-2021-23998 | Insufficient Verification of Data Authenticity vulnerability in Mozilla Thunderbird Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. | 6.5 |
| 2021-06-24 | CVE-2021-23999 | Incorrect Comparison vulnerability in Mozilla Thunderbird If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. | 8.8 |
| 2021-06-24 | CVE-2021-24000 | Race Condition vulnerability in Mozilla Firefox A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. | 3.1 |
| 2021-06-24 | CVE-2021-24001 | Exposure of Resource to Wrong Sphere vulnerability in Mozilla Firefox A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. | 4.3 |
| 2021-06-24 | CVE-2021-24002 | Injection vulnerability in Mozilla Thunderbird When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. | 8.8 |
| 2021-06-24 | CVE-2021-29944 | Cross-site Scripting vulnerability in Mozilla Firefox Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. | 6.1 |
| 2021-06-24 | CVE-2021-29945 | Incorrect Calculation vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. | 6.5 |
| 2021-06-24 | CVE-2021-29946 | Integer Overflow or Wraparound vulnerability in Mozilla Thunderbird Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. | 8.8 |
| 2021-06-24 | CVE-2021-29947 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers and community members reported memory safety bugs present in Firefox 87. | 8.8 |
| 2021-06-24 | CVE-2021-29951 | Improper Privilege Management vulnerability in Mozilla Firefox The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. | 6.5 |